Amendments to the Claims 

Claim 1 (currently amended): A computer-implemented method of providing cross-domain authentication in a computing environment, comprising steps of:

providing security credentials of an entity to an initial point of contact that provides content aggregation in the computing environment;

passing the provided credentials from the initial point of contact to a local trust proxy in a local security domain of the initial point of contact;

authenticating the passed credentials entity with an authentication service in [[a]] the local security domain, using the passed credentials, of the trust proxy to authenticate the entity for accessing content from at least one local content service, each of the at least one local content services operable to provide its content from the local security domain for aggregation, by the initial point of contact, in an aggregated view;

responsive to a successful outcome of the authenticating, forwarding an authentication assertion for the successful outcome to a remote trust proxy in each of at least one selected remote security domains, the authentication assertion comprising an identification of the entity;

using the identification from the authentication assertion, by the remote trust proxy in each of the at least one selected remote security domains, to locate previously-stored security credentials usable for authenticating the entity in that remote security domain, wherein the located security credentials usable for authenticating the entity in at least one of the selected remote security domains differ from the security credentials of the entity provided to the initial point of contact; and

authenticating the entity with an authentication service in each of the at least one selected remote security domains, using the located security credentials usable for authenticating the entity in that remote security domain, authentication performed by the local authentication service to seamlessly authenticate the entity for accessing other content from at least one remote content service that is operable in that each of at least one selected remote security domains domain[[,]] each of the at least one remote content services operable to provide its content from that [[its]] remote security domain for aggregation, by the initial point of contact, in the aggregated view.

Claim 2 (currently amended): The method according to Claim 1, wherein the using step forwarding further comprises the steps of:

consulting policy information to determine which of a plurality of remote security domains should be selected as the at least one selected remote security domain; and

passing the information from the local authentication service to each of the determined remote security domains.

Claim 3 (currently amended): The method according to Claim 1, wherein the using [[step]] the identification to locate previously-stored security credentials and the authenticating the entity using the located security credentials enable accessing the other content from enables each of the remote content services in the selected remote security domains to be accessed by the entity without requiring the entity to provide [[its]] the previously-stored security credentials for those remote content services to the initial point of contact.



Claim 4 (canceled)

Claim 5 (original): The method according to Claim 1, wherein the entity is an end user.



Claim 6 (original): The method according to Claim 1, wherein the initial point of contact is a portal interface.

Claim 7 (currently amended): The method according to Claim 1, wherein the passing [[step]] is performed by a proxy of the initial point of contact.

Claim 8 (currently amended): The method according to Claim 7, wherein the proxy of the initial point of contact performs a protocol conversion, when passing the provided credentials, from a first protocol used in the providing [[step]] to a second protocol used by the trust proxy.

Claim 9 (original): The method according to Claim 8, wherein the first protocol is Hypertext Transfer Protocol ("HTTP") or a security-enhanced version thereof.

Claim 10 (original): The method according to Claim 8, wherein the second protocol is Simple Object Access Protocol ("SOAP").

Claim 11 (canceled)

Claim 12 (currently amended):
comprises the steps of: comprising forwarding the authentication assertion, by the remote trust proxy in each of the at least one selected remote security domains, to the authentication service in that remote security domain, which relies on the forwarded authentication assertion when authenticating the entity using the located security credentials.

forwarding a security token from the local authentication service to a remote trust proxy in each of the selected remote security domains; and

using the forwarded security token, at each of the remote trust proxies, to authenticate the entity with an authentication service in the remote security domain.

Claim 13 (currently amended): The method according to Claim 12, wherein the successful outcome results of the authenticating authentication by the authentication service in the local security domain and results of the authenticating each authentication by the authentication services in each of the selected remote security domain domains are returned to the initial point of contact for use when creating the aggregated view.

Claim 14 (currently amended): The method according to Claim 13, further comprising using the returned successful outcome and the returned results of the authenticating in each of the selected remote security domains to determine, the step of determining, by the initial point of contact, which of the content and the other content can be aggregated by the initial point of contact based on the returned results in the aggregated view.



Claim 15 (canceled)

Claim 16 (currently amended): A system for enabling an entity to have seamless access to a plurality of aggregated services which have different identity requirements, comprising:

at least one computer, each comprising a processor; and

instructions which execute on at least one of at least one computers, using the processor of the computer, to implement functions comprising:

means for initially authenticating the entity, by a first authentication component in a local security domain, for access to a first service in the local security domain using an identity provided by the entity using an aggregation interface in the local security domain;

means for mapping the provided identification identity, in each of at least one remote security domains, to the differing different identity requirements of at least one other service which is provided by that remote security domain and which is to be aggregated with the first service, thereby establishing mapped identity requirements for each of the at least one other services;

means for subsequently authenticating the entity, by an authentication component in each of the at least one remote security domains, for access to each of the at least one other services which is provided by that remote security domain, by an authentication component associated with that other service, using the mapped identity requirements; and

means for aggregating each of the at least one other services and the first service, if the authentications thereof are successful, into an aggregated result accessible from the aggregation interface in the local security domain.

Claim 17 (original): The system according to Claim 16, wherein the aggregated result is an aggregated view.



Claim 18 (original): The system according to Claim 16, wherein the entity is a programmatic entity.

Claim 19 (currently amended): A computer program product for providing federated identity management within a distributed content aggregation framework, the computer program product embodied on one or more computer-readable computer-usable storage media and comprising computer-usable program code for:

computer-readable program code for providing, to the content aggregation framework by a using entity, initial identity information that identifies the using entity for accessing a first content source that is operable within a first security domain in which the content aggregation framework is operable;

computer-readable program code for authenticating the using identity, using the initial identity information, by a first authentication service in the first security domain;

computer-readable program code for conveying results of the authentication by the first authentication service to at least one selected other authentication service, each of which is associated with a remote security domain that is distinct from the first security domain, along with the initial identity information;

using, in each remote security domain, the conveyed initial identity information to locate previously-stored identity information usable for authenticating the using identity in the remote security domain;

computer-readable program code for using the conveyed results located identity information, in each of the remote security domains, to authenticate the using entity to each of the selected other authentication services for accessing a remote content source operable within the remote security domain that is associated with that selected other authentication service, without requiring the using entity to provide additional the previously-stored identity information to the content aggregation framework; and

aggregating content from the first content source and other content from each of the remote content sources for presentation in an aggregated view rendered by the content aggregation framework.

Claim 20 (original): The computer program product according to Claim 19, wherein the initial identity information is a name and password associated with the using entity.

Claim 21 (currently amended): The method according to Claim 1, further comprising the step of rendering, by the initial point of contact, the aggregated view.